14603 matches found
Login Rebuilder < 1.2.0 - Cross Site Request Forgery
The Login rebuilder WordPress plugin was affected by a Cross Site Request Forgery security vulnerability...
MF Gig Calendar 0.9.4.1 - URL Cross-Site Scripting
The MF Gig Calendar WordPress plugin was affected by an URL Cross-Site Scripting security vulnerability...
VideoWhisper Live Streaming Integration 4.27.3 - Multiple Vulnerabilities
The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP WordPress plugin was affected by a Multiple Vulnerabilities security vulnerability...
WordPress 3.6 - Post Authorship Spoofing
...
WP Live Chat Support < 4.1.0 - XSS
The 3CX Live Chat WordPress plugin was affected by a XSS security vulnerability...
WordPress 3.6 - PHP Object Injection
...
Events Manager < 5.3.6.1 - Multiple Cross-Site Scripting (XSS)
The Events Manager WordPress plugin was affected by a Multiple Cross-Site Scripting XSS security vulnerability...
Limit Login Attempts < 1.7.1 - Auth Cookies Brute Force Bypass
From the changelog of the plugin: "Auth cookies" are special cookies set at login that authenticating you to the system. It is how WordPress "remembers" that you are logged in between page loads. During lockout these are supposed to be cleared, but a change in 1.6.2 broke this. It allowed an...
Sodahead Polls < 2.0.4 - XSS
The SodaHead Polls WordPress plugin was affected by a XSS security vulnerability...
Dextaz Ping <= 0.65 - Admin+ RCE
Description The plugin is vulnerable to Remote Code Execution, allowing authenticated attackers, with administrator-level access and above, to execute code on the server...
Fastly < 1.2.26 - Missing Authorization via AJAX actions
Description The Fastly plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the plugin's AJAX actions in versions up to, and including, 1.2.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
WP Job Manager < 2.3.0 - Unauthenticated Information Exposure
Description The WP Job Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...
AWSOM News Announcement <= 1.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The AWSOM News Announcement plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WP Photo Album Plus < 8.7.01.002 - Unauthenticated Arbitrary File Upload
Description The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the import functionality and no capability check in all versions up to, and including, 8.7.01.001. This makes it possible for unauthenticated attackers to upload...
gee Search Plus, improved WordPress search <= 1.4.4 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The gee Search Plus, improved WordPress search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
Tutor LMS Pro < 2.7.1 - Missing Authorization to SQL Injection
Description The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'getcalendarmaterials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function du...
Tutor LMS Pro < 2.7.1 - Missing Authorization to Privilege Escalation
Description The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, wit...
Jetpack < 13.4 - Contributor+ Stored Cross-Site Scripting via wpvideo Shortcode
Description The plugin did not properly escape some of its shortcode attributes, allowing users with at least the contributor role to conduct Stored XSS attacks. PoC wpvideo OcobLTqC freedom=true preloadContent='"src=x onerror=alertdocument.cookie xss'...
Simple Ajax Chat < 20240412 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup This was partially fixed in 0240216 bu...
Survey Maker < 4.1.0 - IP Address Spoofing
Description The Survey Maker – Best WordPress Survey Plugin plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 4.0.9 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it...
The Plus Addons for Elementor < 5.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate
Description The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
RomethemeKit For Elementor < 1.4.2 - Missing Authorization
Description The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the addNewPost function in versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to add new posts...
Photo Gallery by 10Web < 1.8.21 - Missing Authorization
Description The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8.20. This makes it possible for unauthenticated attackers to perform an...
XforWooCommerce <= 2.0.2 - Authenticated (Subscriber+) Local File Inclusion
Description The XforWooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to include and execute arbitrary files on the server, allowing the...
FV Flowplayer Video Player < 7.5.45.7212 - Authenticated (Subscriber+) Server-side Request Forgery
Description The FV Flowplayer Video Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.5.43.7212. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations...
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) < 5.2.4 - Missing Authorization
Description The Analytify – Google Analytics Dashboard For WordPress GA4 analytics made easy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage. This makes it possible for authenticated attackers,...
WP ULike – Most Advanced WordPress Marketing Toolkit < 4.7.0 - Authenticated (Contributor+) SQL Injection via Shortcodes
Description The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to SQL Injection via the 'status' and 'id' attributes of the 'wpulikecounter' and 'wpulike' shortcodes in all versions up to, and including, 4.6.9 due to insufficient escaping on the user...
Download Manager < 3.2.83 - Unauthenticated Password Protected File Bypass
Description The plugin is vulnerable to information disclosure, allowing unauthenticated attackers to bypass password protected file restrictions...
WP Google Analytics Events < 2.8.1 - Reflected Cross-Site Scripting
Description The WP Google Analytics Events – No-Code Custom Event Tracking for Google Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. This makes it possible for...
Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 3.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Leaflet Maps Marker Google Maps, OpenStreetMap, Bing Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mapsmarker' shortcode in all versions up to, and including, 3.12.8 due to insufficient input sanitization and output escaping on user...
Smart Slider 3 < 3.5.1.23 - Contributor+ Stored XSS via SVG Upload
Description The plugin does not properly validate that users calling its upload function are allowed to making it possible for authenticated attackers, with contributor-level access and above, to upload files, including SVG files, which can be used to conduct stored cross-site scripting attacks...
Slideshow Gallery < 1.7.9 - Contributor+ SQLi
Description The plugin is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL...
WordPress Announcement & Notification Banner Plugin – Bulletin < 3.9.0 - Authenticated (Administrator+) SQL Injection
Description The WordPress Announcement & Notification Banner Plugin – Bulletin plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
Import Export WordPress Users < 2.5.3 - Authenticated (Shop Manager+) Path Traversal
Description The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with shop manager-level access and above, to read the contents of arbitrary files on the...
Events Manager < 6.4.7 - Missing Authorization
Description The Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 6.4.6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions...
Lordicon Animated Icons <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Lordicon Animated Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above...
Chauffeur Taxi Booking System for WordPress < 7.3 - Unauthenticated Arbitrary File Upload
Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation, allowing unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible...
OceanWP < 3.5.5 - Subscriber+ Sensitive Information Exposure
Description The theme is vulnerable to unauthorized access of data due to a missing capability check on the loadthemepanelpane function, allowing authenticated attackers, with subscriber-level access and above, to expose sensitive information such as system/environment data and API keys...
Responsive < 5.0.3 - Missing Authorization to HMTL Injection
Description The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefootertextcallback function in all versions up to, and including, 5.0.2. This makes it possible for unauthenticated attackers to inject arbitrary HTML...
WP ERP < 1.30.0 - Authenticated (Accounting Manager+) SQL Injection via id
Description The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter...
Tourfic < 2.11.16 - Authenticated (Subscriber+) Arbitrary File Upload
Description The Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.11.15. This makes it possible for...
WP Media folder < 5.7.3 - Authenticated (Subscriber+) Arbitrary File Upload
Description The WP Media folder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation function in all versions up to, and including, 5.7.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary...
Download Manager < 3.2.85 - Contributor+ Stored XSS
Description The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that...
WordPress Ping Optimizer <= 2.35.1.3.0 - Log Clearing via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as clearing logs. PoC Make a logged in admin open the URL below...
Super Page Cache for Cloudflare < 4.7.6 - Cross-Site Request Forgery
Description The Super Page Cache for Cloudflare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7.5. This is due to missing or incorrect nonce validation on the adminmenupageindex function. This makes it possible for unauthenticated attackers t...
Premium Addons for Elementor (Free < 4.10.24, Pro < 2.9.14) - Contributor+ Stored XSS
Description The plugins are vulnerable to Stored Cross-Site Scripting via the plugins' widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrar...
Easy Social Feed < 6.5.5 - Cross-Site Request Forgery
Description The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the savegroupslist function. This makes it possible...
Premium Addons PRO < 2.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Premium Magic Scroll Module
Description The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Premium Magic Scroll module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) < 2.8.8 - Missing Authorization
Description The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyformsnewpage function in all versions up to, and...
Backup and Restore WordPress < 1.50 - Unauthenticated Sensitive Data Exposure
Description The plugin does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such data. PoC 1 There is a lot of sensitive data and most importantly, you can download this logs to your machine and read it. These...